Security on the Internet, as we all should know, is of the utmost importance. No one wants to lose all their hard work, their posts, images, their public face to someone else. So I am more than pleased to see that someone from Pervouralsk in the Russian Federation (IP 31.28.97.238 under the host 238.97.28.31.interra.ru) has been kind enough to test my log in security. In fact, they didn’t test it just once, before the permanent block came into effect they had attempted one hundred and fourteen different passwords to try to get to the backend of this blog. Since the block they’ve tried a further two hundred and thirty-one times.

Anyone with any commonsense who uses WordPress – and I would assume that anyone who does has a modicum of commonsense – knows that one of the first things you need to do is change the log in name from admin to something else. They will also know that a password must be secure, difficult to crack, complicated. It should comprise both lower and uppercase letters as well as numbers and, perhaps, symbols. This makes breaking in to a web site considerably more difficult. I have, naturally, long since changed from admin to something else, totally unrelated to the web site name, my name or anything close to admin or administrator. And my password? Well, not to give the game away, it has everything but the kitchen sink in there.

There are also additional safeguards a web site owner or user should employ: a good brute force blocker for one thing. Today Automattic upgraded JetPack – one of the vastly useful extensions to WordPress – to include BruteProtect, the plug-in which they bought out earlier in 2014. Everyone, and I think I wrote about this last year too, should activate it. The old BruteProtect plug-in is then automatically deactivated, and the new JetPack-based BruteProtect plug-in takes over.